[Freeipa-users] Service accounts and groups
KodaK
sakodak at gmail.com
Thu Feb 7 22:22:25 UTC 2013
On Thu, Feb 7, 2013 at 1:46 PM, Steven Jones <Steven.Jones at vuw.ac.nz> wrote:
> Hi,
>
> I have had little to do with permissions until now so bear with me if the Qs are obviously stupid, probably not really IPA but a linux blind spot I have....anyway,
>
> So I have a service account with its group this runs a database.
>
> So oracle with uid 2000 and gid 2000. I have some other users that need to be in the oracle user's group but I cant do that in IPA?
>
Is oracle an IPA user and group or a local user and group?
Assuming a Linux host and a local oracle user and group: you can add
the IPA users to a local group and it will work. I have no idea if
that's the "right" way to do it, though.
> I created a user group called oragrp gid 2001 but the user oracle is creating files with a uid of 2000 and gid of 2000 and not a gid of 2001 which I assume would fix it?
Again, if oracle is a local user, you can change his primary group
using "usermod -G 2001 oracle" -- but you might as well just add the
IPA users to the local oracle group.
--Jason
More information about the Freeipa-users
mailing list